1. Field of the Invention
The present invention relates to an information security system and a method thereof, and particularly to an information security system for tracing information outflow, and a method for tracing the same, in order to prevent the information of an organization from being leaked.
2. Description of the Related Art
Nowadays, with the development of communication technologies and the widespread use of computers, data that had been handled manually can be processed by computers, and data that had been delivered manually by a person are transmitted by computer communications. As communication technologies have developed and data have come to be transmitted via computer communications, the efficiency of work can be enhanced. Moreover, with the appearance of distributed systems based on computer communication, the efficiency is doubled.
Accordingly, each organization establishes various kinds of distributed systems. Among the structures of distributed systems, a client-server model using an internal network is the most typical.
The client-server model is composed of: a file server which shares a large quantity of files; device servers, i.e., a printer server, a plotter server and a modem server which share devices such as a printer; client computers which use the servers; and an internal network, i.e., a local area network (LAN) which interconnects the aforesaid servers and computers.
FIG. 1 shows a conventional internal communication system composed of a plurality of computers and servers.
As shown in the drawing, the system includes: a file server 11 for storing the operational data of an organization; a printer server 12 for processing a printing command after receiving the command from an internal computer; a local area network (LAN) 13 for data communication inside the organization; and internal computers 14 for accessing the data stored in the file server 11 and requesting printing operations from the printer server 12. Here, the LAN 13 is connected to an external network and can perform data communication with the computers connected to the external network.
As the operation of an internal communication system of the client-server model having the above structure is well known to those skilled in the art, a detailed description is omitted.
The increase in data processing using computers in the organization, and the increase in computer communications that transmit data using communication equipment, can cause information to be leaked to a competing organization.
Conventionally, the ways in which data flow out of an organization include: an outflow by a storage medium such as a diskette, tape, etc.; an outflow by an output medium such as printing paper; and an outflow by a communication medium.
The data outflow by conventional communication media is classified into outflow through the Internet, when the internal network is connected to the Internet through a dedicated communication line, and outflow over a public network through a modem attached to the computer.
Until now, conventional information security systems have mainly been network information security systems, which secure the internal system by using a firewall to prevent anything harmful to the internal system, such as a hacker, from gaining access to the internal network that is the source of the data.
Accordingly, there are no defensive measures against data outflow by storage media, output media and communication media.
The network information security system in an internal network connected to the Internet can restrict data outflow according to the destination to which data is transmitted. However, as this method applies the firewall's rule that all data which are not allowed cannot be transmitted or received, selective transmission of data according to the security grade of the destination cannot be performed. As a result, the efficiency of the data communication system is decreased due to the unnecessary restriction of data transmission.
As described above, the important data stored in the file server of the internal communication system can easily be accessed by persons who have improper motives and can easily be leaked to a competing organization through the output device.